mirror of https://github.com/MISP/MISP
new: Limit modules to a single organisation
- new settings in serverSettingspull/2831/head
parent
4e44f8dd0b
commit
a2205fba31
|
@ -2580,7 +2580,7 @@ class AttributesController extends AppController {
|
|||
if (empty($attribute)) throw new NotFoundException('Invalid Attribute');
|
||||
$this->loadModel('Server');
|
||||
$this->loadModel('Module');
|
||||
$modules = $this->Module->getEnabledModules();
|
||||
$modules = $this->Module->getEnabledModules($this->Auth->user());
|
||||
$validTypes = array();
|
||||
if (isset($modules['hover_type'][$attribute[0]['Attribute']['type']])) {
|
||||
$validTypes = $modules['hover_type'][$attribute[0]['Attribute']['type']];
|
||||
|
|
|
@ -864,12 +864,20 @@ class EventsController extends AppController {
|
|||
$this->set('sightingsData', $sightingsData);
|
||||
if (Configure::read('Plugin.Enrichment_services_enable')) {
|
||||
$this->loadModel('Module');
|
||||
$modules = $this->Module->getEnabledModules();
|
||||
$modules = $this->Module->getEnabledModules($this->Auth->user());
|
||||
foreach ($modules as $k => $v) {
|
||||
debug($v);
|
||||
if (isset($v['restrict'])) {
|
||||
if (!$this->_isSiteAdmin() && $v['restrict'] != $this->Auth->user('org_id')) {
|
||||
unset($modules[$k]);
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->set('modules', $modules);
|
||||
}
|
||||
if (Configure::read('Plugin.Cortex_services_enable')) {
|
||||
$this->loadModel('Module');
|
||||
$cortex_modules = $this->Module->getEnabledModules(false, 'Cortex');
|
||||
$cortex_modules = $this->Module->getEnabledModules($this->Auth->user(), false, 'Cortex');
|
||||
$this->set('cortex_modules', $cortex_modules);
|
||||
}
|
||||
$this->set('deleted', (isset($this->params['named']['deleted']) && $this->params['named']['deleted']) ? true : false);
|
||||
|
@ -996,12 +1004,21 @@ class EventsController extends AppController {
|
|||
$this->set('sightingsData', $sightingsData);
|
||||
if (Configure::read('Plugin.Enrichment_services_enable')) {
|
||||
$this->loadModel('Module');
|
||||
$modules = $this->Module->getEnabledModules();
|
||||
$modules = $this->Module->getEnabledModules($this->Auth->user());
|
||||
if (is_array($modules)) {
|
||||
foreach ($modules as $k => $v) {
|
||||
if (isset($v['restrict'])) {
|
||||
if ($this->_isSiteAdmin() && $v['restrict'] != $this->Auth->user('org_id')) {
|
||||
unset($modules[$k]);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->set('modules', $modules);
|
||||
}
|
||||
if (Configure::read('Plugin.Cortex_services_enable')) {
|
||||
$this->loadModel('Module');
|
||||
$cortex_modules = $this->Module->getEnabledModules(false, 'Cortex');
|
||||
$cortex_modules = $this->Module->getEnabledModules($this->Auth->user(), false, 'Cortex');
|
||||
$this->set('cortex_modules', $cortex_modules);
|
||||
}
|
||||
$this->set('contributors', $contributors);
|
||||
|
@ -3786,7 +3803,7 @@ class EventsController extends AppController {
|
|||
);
|
||||
}
|
||||
$this->loadModel('Module');
|
||||
$modules = $this->Module->getEnabledModules(false, 'Export');
|
||||
$modules = $this->Module->getEnabledModules($this->Auth->user(), false, 'Export');
|
||||
if (is_array($modules) && !empty($modules)) {
|
||||
foreach ($modules['modules'] as $module) {
|
||||
$exports[$module['name']] = array(
|
||||
|
@ -3832,7 +3849,7 @@ class EventsController extends AppController {
|
|||
)
|
||||
);
|
||||
$this->loadModel('Module');
|
||||
$modules = $this->Module->getEnabledModules(false, 'Import');
|
||||
$modules = $this->Module->getEnabledModules($this->Auth->user(), false, 'Import');
|
||||
if (is_array($modules) && !empty($modules)) {
|
||||
foreach ($modules['modules'] as $k => $module) {
|
||||
$imports[$module['name']] = array(
|
||||
|
@ -4138,7 +4155,7 @@ class EventsController extends AppController {
|
|||
if (empty($attribute)) throw new MethodNotAllowedException('Attribute not found or you are not authorised to see it.');
|
||||
if ($this->request->is('ajax')) {
|
||||
$this->loadModel('Module');
|
||||
$enabledModules = $this->Module->getEnabledModules(false, $type);
|
||||
$enabledModules = $this->Module->getEnabledModules($this->Auth->user(), false, $type);
|
||||
if (!is_array($enabledModules) || empty($enabledModules)) throw new MethodNotAllowedException('No valid ' . $type . ' options found for this attribute.');
|
||||
$modules = array();
|
||||
foreach ($enabledModules['modules'] as $module) {
|
||||
|
@ -4151,7 +4168,7 @@ class EventsController extends AppController {
|
|||
$this->render('ajax/enrichmentChoice');
|
||||
} else {
|
||||
$this->loadModel('Module');
|
||||
$enabledModules = $this->Module->getEnabledModules(false, $type);
|
||||
$enabledModules = $this->Module->getEnabledModules($this->Auth->user(), false, $type);
|
||||
if (!is_array($enabledModules) || empty($enabledModules)) throw new MethodNotAllowedException('No valid ' . $type . ' options found for this attribute.');
|
||||
$options = array();
|
||||
foreach ($enabledModules['modules'] as $temp) {
|
||||
|
|
|
@ -81,12 +81,20 @@ class Module extends AppModel {
|
|||
} else return 'The module service reports that it found no modules.';
|
||||
}
|
||||
|
||||
public function getEnabledModules($type = false, $moduleFamily = 'Enrichment') {
|
||||
public function getEnabledModules($user, $type = false, $moduleFamily = 'Enrichment') {
|
||||
$modules = $this->getModules($type, $moduleFamily);
|
||||
if (is_array($modules)) {
|
||||
foreach ($modules['modules'] as $k => $module) {
|
||||
if (!Configure::read('Plugin.' . $moduleFamily . '_' . $module['name'] . '_enabled') || ($type && in_array(strtolower($type), $module['meta']['module-type']))) {
|
||||
unset($modules['modules'][$k]);
|
||||
continue;
|
||||
}
|
||||
if (
|
||||
!$user['Role']['perm_site_admin'] &&
|
||||
Configure::read('Plugin.' . $moduleFamily . '_' . $module['name'] . '_restrict') &&
|
||||
Configure::read('Plugin.' . $moduleFamily . '_' . $module['name'] . '_restrict') != $user['org_id']
|
||||
) {
|
||||
unset($modules['modules'][$k]);
|
||||
}
|
||||
}
|
||||
} else return 'The modules system reports that it found no suitable modules.';
|
||||
|
@ -165,6 +173,7 @@ class Module extends AppModel {
|
|||
foreach ($modules['modules'] as $module) {
|
||||
if (array_intersect($this->__validTypes[$moduleFamily], $module['meta']['module-type'])) {
|
||||
$result[$module['name']][0] = array('name' => 'enabled', 'type' => 'boolean');
|
||||
$result[$module['name']][1] = array('name' => 'restrict', 'type' => 'orgs');
|
||||
if (isset($module['meta']['config'])) foreach ($module['meta']['config'] as $conf) $result[$module['name']][] = array('name' => $conf, 'type' => 'string');
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2143,6 +2143,15 @@ class Server extends AppModel {
|
|||
$this->Module = ClassRegistry::init('Module');
|
||||
$serverSettings = $this->serverSettings;
|
||||
$moduleTypes = array('Enrichment', 'Import', 'Export', 'Cortex');
|
||||
$orgs = $this->Organisation->find('list', array(
|
||||
'conditions' => array(
|
||||
'Organisation.local' => 1
|
||||
),
|
||||
'fields' => array(
|
||||
'Organisation.id', 'Organisation.name'
|
||||
)
|
||||
));
|
||||
$orgs = array_merge(array('Unrestricted'), $orgs);
|
||||
foreach ($moduleTypes as $moduleType) {
|
||||
if (Configure::read('Plugin.' . $moduleType . '_services_enable')) {
|
||||
$results = $this->Module->getModuleSettings($moduleType);
|
||||
|
@ -2154,6 +2163,12 @@ class Server extends AppModel {
|
|||
$setting['type'] = 'boolean';
|
||||
$setting['description'] = 'Enable or disable the ' . $module . ' module.';
|
||||
$setting['value'] = false;
|
||||
} else if ($result['type'] == 'orgs') {
|
||||
$setting['description'] = 'Restrict the ' . $module . ' module to the given organisation.';
|
||||
$setting['value'] = 0;
|
||||
$setting['test'] = 'testLocalOrg';
|
||||
$setting['type'] = 'numeric';
|
||||
$setting['optionsSource'] = 'LocalOrgs';
|
||||
} else {
|
||||
$setting['test'] = 'testForEmpty';
|
||||
$setting['type'] = 'string';
|
||||
|
@ -2182,6 +2197,12 @@ class Server extends AppModel {
|
|||
$setting['type'] = 'boolean';
|
||||
$setting['description'] = 'Enable or disable the ' . $module . ' module.';
|
||||
$setting['value'] = false;
|
||||
} else if ($result['type'] == 'orgs') {
|
||||
$setting['description'] = 'Restrict the ' . $module . ' module to the given organisation.';
|
||||
$setting['value'] = 0;
|
||||
$setting['test'] = 'testLocalOrg';
|
||||
$setting['type'] = 'numeric';
|
||||
$setting['optionsSource'] = 'LocalOrgs';
|
||||
} else {
|
||||
$setting['test'] = 'testForEmpty';
|
||||
$setting['type'] = 'string';
|
||||
|
|
|
@ -24,8 +24,10 @@
|
|||
if ($setting['level'] == 0 || $setting['level'] == 2) $bgColour .= 'color:white;';
|
||||
}
|
||||
if ($setting['level'] == 3) $bgColour = 'background-color:gray;color:white;';
|
||||
if ($setting['type'] == 'boolean') $setting['value'] = ($setting['value'] === true ? 'true' : 'false');
|
||||
if (isset($setting['options'])) $setting['value'] = ($setting['options'][$setting['value']]);
|
||||
if ($setting['type'] == 'boolean') $setting['value'] = ($setting['value'] === true ? 'true' : 'false');;
|
||||
if (isset($setting['options'])) {
|
||||
$setting['value'] = $setting['options'][$setting['value']];
|
||||
}
|
||||
if ($setting['setting'] == 'Security.salt' && !isset($setting['error'])) {
|
||||
continue;
|
||||
}
|
||||
|
@ -39,7 +41,9 @@
|
|||
<?php if ((isset($setting['editable']) && !$setting['editable']) || $setting['level'] == 3): ?>
|
||||
<td id="setting_<?php echo h($subGroup) . '_' . $k; ?>_passive" class="inline-field-solid" style="<?php echo $bgColour; ?>width:500px;"><?php echo nl2br(h($setting['value']));?></td>
|
||||
<?php else: ?>
|
||||
<td id="setting_<?php echo h($subGroup) . '_' . $k; ?>_solid" class="inline-field-solid" ondblclick="serverSettingsActivateField('<?php echo $setting['setting'];?>', '<?php echo $k;?>')" style="<?php echo $bgColour; ?>width:500px;"><?php echo h($setting['value']);?></td>
|
||||
<td id="setting_<?php echo h($subGroup) . '_' . $k; ?>_solid" class="inline-field-solid" ondblclick="serverSettingsActivateField('<?php echo $setting['setting'];?>', '<?php echo $k;?>')" style="<?php echo $bgColour; ?>width:500px;">
|
||||
<?php echo h($setting['value']); ?>
|
||||
</td>
|
||||
<td id="setting_<?php echo h($subGroup) . '_' . $k; ?>_placeholder" class="short hidden inline-field-placeholder" style="<?php echo $bgColour; ?>width:500px;"></td>
|
||||
<?php endif; ?>
|
||||
<td style="<?php echo $bgColour; ?>"><?php echo h($setting['description']);?></td>
|
||||
|
|
Loading…
Reference in New Issue